Our primary firewall has been exhibiting some complete lockups for the past week, and we've brought up the secondary firewall to replace it. These two are meant to be a single failover cluster, but I've unfortunately not had time to finish the configuration for this.
While doing this, we were unable to get the DHCP server on the secondary firewall to hand out any leases; it was giving the error 'peer holds all free leases'. As far as I can tell, this happens when a secondary DHCP server is brought up, never having seen the primary DHCP server. It can be fixed by forcing the secondary server into PARTNER-DOWN mode (see the section 'Failover Startup' in https://linux.die.net/man/5/dhcpd.conf).
In the end, we got around this by removing the failover config chunk from our DHCP servers, but that means we won't be able to bring the primary firewall back online without reconfiguration once the issue is resolved.
A way of forcing a secondary server into this mode if everything has gone horribly wrong would be very useful - even if it only lasts until next reboot. There is a script which shows how to put the dhcpd into this mode (search for change_state.sh at https://bugzilla.redhat.com/show_bug.cgi?id=610219).